head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.4 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.2 pkgsrc-2012Q4-base:1.2 pkgsrc-2012Q2:1.1.0.16 pkgsrc-2012Q2-base:1.1 pkgsrc-2012Q1:1.1.0.14 pkgsrc-2012Q1-base:1.1 pkgsrc-2011Q4:1.1.0.12 pkgsrc-2011Q4-base:1.1 pkgsrc-2011Q3:1.1.0.10 pkgsrc-2011Q3-base:1.1 pkgsrc-2011Q2:1.1.0.8 pkgsrc-2011Q2-base:1.1 pkgsrc-2011Q1:1.1.0.6 pkgsrc-2011Q1-base:1.1 pkgsrc-2010Q4:1.1.0.4 pkgsrc-2010Q4-base:1.1 pkgsrc-2010Q3:1.1.0.2; locks; strict; comment @# @; 1.2 date 2012.08.01.17.52.21; author drochner; state dead; branches; next 1.1; 1.1 date 2010.12.29.10.49.21; author tron; state Exp; branches 1.1.2.1; next ; 1.1.2.1 date 2010.12.29.10.49.21; author sbd; state dead; branches; next 1.1.2.2; 1.1.2.2 date 2010.12.30.03.37.22; author sbd; state Exp; branches; next ; desc @@ 1.2 log @update to 1.6.4 this is a step of two major branches, to much to list here pkgsrc notes: -I've left out our NETBSD_ATOMIC_OPS patch because it is very invasive and gcc intrinsics are hopefully good enough -A workaround for non-standard behavior of vsnprintf has been added upstream, for HPUX as the comment says. We had a patch for __hpux||__sgi which is removed now - the sgi case should be checked. @ text @$NetBSD: patch-CVE-2010-4352-1,v 1.1 2010/12/29 10:49:21 tron Exp $ Fix for CVE-2010-4352 taken from here: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=5042c1e5e6df31700215c9dc0618634911b0c9f5 --- dbus/dbus-marshal-validate.c.orig 2009-05-06 18:26:48.000000000 +0100 +++ dbus/dbus-marshal-validate.c 2010-12-29 10:35:49.000000000 +0000 @@@@ -289,16 +289,30 @@@@ return result; } +/* note: this function is also used to validate the header's values, + * since the header is a valid body with a particular signature. 
+ */ static DBusValidity validate_body_helper (DBusTypeReader *reader, int byte_order, dbus_bool_t walk_reader_to_end, + int total_depth, const unsigned char *p, const unsigned char *end, const unsigned char **new_p) { int current_type; + /* The spec allows arrays and structs to each nest 32, for total + * nesting of 2*32. We want to impose the same limit on "dynamic" + * value nesting (not visible in the signature) which is introduced + * by DBUS_TYPE_VARIANT. + */ + if (total_depth > (DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2)) + { + return DBUS_INVALID_NESTED_TOO_DEEPLY; + } + while ((current_type = _dbus_type_reader_get_current_type (reader)) != DBUS_TYPE_INVALID) { const unsigned char *a; @@@@ -474,7 +488,9 @@@@ { while (p < array_end) { - validity = validate_body_helper (&sub, byte_order, FALSE, p, end, &p); + validity = validate_body_helper (&sub, byte_order, FALSE, + total_depth + 1, + p, end, &p); if (validity != DBUS_VALID) return validity; } @@@@ -591,7 +607,9 @@@@ _dbus_assert (_dbus_type_reader_get_current_type (&sub) != DBUS_TYPE_INVALID); - validity = validate_body_helper (&sub, byte_order, FALSE, p, end, &p); + validity = validate_body_helper (&sub, byte_order, FALSE, + total_depth + 1, + p, end, &p); if (validity != DBUS_VALID) return validity; @@@@ -620,7 +638,9 @@@@ _dbus_type_reader_recurse (reader, &sub); - validity = validate_body_helper (&sub, byte_order, TRUE, p, end, &p); + validity = validate_body_helper (&sub, byte_order, TRUE, + total_depth + 1, + p, end, &p); if (validity != DBUS_VALID) return validity; } @@@@ -705,7 +725,7 @@@@ p = _dbus_string_get_const_data_len (value_str, value_pos, len); end = p + len; - validity = validate_body_helper (&reader, byte_order, TRUE, p, end, &p); + validity = validate_body_helper (&reader, byte_order, TRUE, 0, p, end, &p); if (validity != DBUS_VALID) return validity; @ 1.1 log @Add fix for vulnerability reported in CVE-2010-4352 (SA42580) taken from the "dbus" GIT repository. 
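Review bot: The new `total_depth` parameter of validate_body_helper has no documentation, and the boundary of the guard `if (total_depth > (DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2))` is easy to misread. The top-level caller in the last hunk passes 0 and every recursion passes `total_depth + 1`, so a depth equal to the limit is still accepted and only the next level is rejected; I would state that in the comment above the check, e.g. `/* total_depth: containers already entered, 0 at the top-level call; a depth equal to the limit is still valid */`, so that a later edit does not turn `>` into `>=`. DBUS_INVALID_NESTED_TOO_DEEPLY is not defined in any hunk of this file, so it presumably comes from the header or from one of the companion patches named in the pullup log; that is worth confirming if this patch is ever applied on its own. The function body continues past the end of the hunk, and the same patch text is stored a second time under revision 1.1.2.2 further down, where the same comment applies.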
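Review bot: No regression test accompanies the recursion change in the hunk at -591,7 +607,9, which looks like the variant case (it asserts that the sub-reader has a current type before recursing) and is therefore the nesting that the first hunk's comment says the signature does not show. A case in the validation tests that feeds a body nested one level past `DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2` and expects `DBUS_INVALID_NESTED_TOO_DEEPLY`, plus one exactly at the limit that expects `DBUS_VALID`, would pin the boundary and keep the limit from being dropped in a later refactor. The hunks immediately before and after this one pass `total_depth + 1` in the same way and would be covered by the same test. Tests may exist in the companion patches, which are not visible here.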
@ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-CVE-2010-4352-1 was added on branch pkgsrc-2010Q3 on 2010-12-30 03:37:22 +0000 @ text @d1 81 @ 1.1.2.2 log @Pullup ticket #3313 - requested by tron Security patch for "sysutils/dbus" Revisions pulled up: - sysutils/dbus/Makefile 1.50 - sysutils/dbus/distinfo 1.36 - sysutils/dbus/patches/patch-CVE-2010-4352-1 1.1 - sysutils/dbus/patches/patch-CVE-2010-4352-2 1.1 - sysutils/dbus/patches/patch-CVE-2010-4352-3 1.1 - sysutils/dbus/patches/patch-CVE-2010-4352-4 1.1 ------------------------------------------------------------------------- Module Name: pkgsrc Committed By: tron Date: Wed Dec 29 10:49:21 UTC 2010 Modified Files: pkgsrc/sysutils/dbus: Makefile distinfo Added Files: pkgsrc/sysutils/dbus/patches: patch-CVE-2010-4352-1 patch-CVE-2010-4352-2 patch-CVE-2010-4352-3 patch-CVE-2010-4352-4 Log Message: Add fix for vulnerability reported in CVE-2010-4352 (SA42580) taken from the "dbus" GIT repository. @ text @a0 81 $NetBSD: patch-CVE-2010-4352-1,v 1.1 2010/12/29 10:49:21 tron Exp $ Fix for CVE-2010-4352 taken from here: http://cgit.freedesktop.org/dbus/dbus/commit/?h=dbus-1.2&id=5042c1e5e6df31700215c9dc0618634911b0c9f5 --- dbus/dbus-marshal-validate.c.orig 2009-05-06 18:26:48.000000000 +0100 +++ dbus/dbus-marshal-validate.c 2010-12-29 10:35:49.000000000 +0000 @@@@ -289,16 +289,30 @@@@ return result; } +/* note: this function is also used to validate the header's values, + * since the header is a valid body with a particular signature. + */ static DBusValidity validate_body_helper (DBusTypeReader *reader, int byte_order, dbus_bool_t walk_reader_to_end, + int total_depth, const unsigned char *p, const unsigned char *end, const unsigned char **new_p) { int current_type; + /* The spec allows arrays and structs to each nest 32, for total + * nesting of 2*32. We want to impose the same limit on "dynamic" + * value nesting (not visible in the signature) which is introduced + * by DBUS_TYPE_VARIANT. 
+ */ + if (total_depth > (DBUS_MAXIMUM_TYPE_RECURSION_DEPTH * 2)) + { + return DBUS_INVALID_NESTED_TOO_DEEPLY; + } + while ((current_type = _dbus_type_reader_get_current_type (reader)) != DBUS_TYPE_INVALID) { const unsigned char *a; @@@@ -474,7 +488,9 @@@@ { while (p < array_end) { - validity = validate_body_helper (&sub, byte_order, FALSE, p, end, &p); + validity = validate_body_helper (&sub, byte_order, FALSE, + total_depth + 1, + p, end, &p); if (validity != DBUS_VALID) return validity; } @@@@ -591,7 +607,9 @@@@ _dbus_assert (_dbus_type_reader_get_current_type (&sub) != DBUS_TYPE_INVALID); - validity = validate_body_helper (&sub, byte_order, FALSE, p, end, &p); + validity = validate_body_helper (&sub, byte_order, FALSE, + total_depth + 1, + p, end, &p); if (validity != DBUS_VALID) return validity; @@@@ -620,7 +638,9 @@@@ _dbus_type_reader_recurse (reader, &sub); - validity = validate_body_helper (&sub, byte_order, TRUE, p, end, &p); + validity = validate_body_helper (&sub, byte_order, TRUE, + total_depth + 1, + p, end, &p); if (validity != DBUS_VALID) return validity; } @@@@ -705,7 +725,7 @@@@ p = _dbus_string_get_const_data_len (value_str, value_pos, len); end = p + len; - validity = validate_body_helper (&reader, byte_order, TRUE, p, end, &p); + validity = validate_body_helper (&reader, byte_order, TRUE, 0, p, end, &p); if (validity != DBUS_VALID) return validity; @